Fedora 27: cri-o Security Update
Summary
Kubernetes Container Runtime Interface for OCI-based containers
New version with a few bug fixes ---- Latest build with fixes.
* Mon Jun 18 2018 Dan Walsh
- bump to v1.10.3
* Tue Jun 12 2018 Dan Walsh
- bump to v1.10.2
* Tue May 8 2018 Dan Walsh
- bump to v1.10.1
* Tue May 8 2018 Lokesh Mandvekar (Bot)
- autobuilt 52d0f53
* Mon May 7 2018 Lokesh Mandvekar (Bot)
- autobuilt 5eb8c3b
* Sun May 6 2018 Lokesh Mandvekar (Bot)
- autobuilt 4e54603
* Sat May 5 2018 Lokesh Mandvekar (Bot)
- autobuilt 0489381
* Fri May 4 2018 Lokesh Mandvekar (Bot)
- autobuilt 6db7ef8
* Wed May 2 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 4e6919c
* Wed May 2 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 4e4f1e2
* Mon Apr 30 2018 Dan Walsh
- Fix crio.conf to use correct path to conmon and systemd for cgroup management
* Mon Apr 30 2018 Lokesh Mandvekar (Bot)
- autobuilt commit a221a5d
* Fri Apr 27 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c971f7b
* Thu Apr 26 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 733d791
* Tue Apr 24 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 596d052
* Tue Apr 17 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Tue Apr 17 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Mon Apr 16 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Sun Apr 15 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Sat Apr 14 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Fri Apr 13 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Thu Apr 12 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Wed Apr 11 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Tue Apr 10 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Tue Apr 10 2018 Lokesh Mandvekar (Bot)
- autobuilt commit c24e0d9
* Tue Apr 10 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 1eec122
* Mon Apr 9 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 1eec122
* Mon Apr 9 2018 Lokesh Mandvekar (Bot)
- autobuilt commit 1eec122
* Sun Apr 8 2018 Lokesh Mandvekar (Bot)
- autobuilt commit d0dbfe0
* Sun Apr 8 2018 Lokesh Mandvekar
- autobuilt commit d0dbfe0
* Sun Apr 8 2018 Lokesh Mandvekar
- autobuilt commit d0dbfe0
* Sun Apr 8 2018 Lokesh Mandvekar
- built commit 86b61d4
* Fri Mar 30 2018 Dan Walsh
- Release of v1.10.0
* Mon Mar 26 2018 Lokesh Mandvekar
- built commit b0f6d98
* Fri Mar 16 2018 Dan Walsh
- bump to v1.10.0-beta.1
* Tue Mar 13 2018 Dan Walsh
- bump to v1.9.10
* Fri Mar 9 2018 Dan Walsh
- bump to v1.9.9
* Thu Mar 1 2018 Lokesh Mandvekar
- bump to v1.9.8
- enable integration tests for centos
* Fri Feb 23 2018 Lokesh Mandvekar
- make sure correct version in changelog
* Fri Feb 23 2018 Dan Walsh
- Merge pull request #1357 from runcom/netns-fixes
- sandbox_stop: close/remove the netns _after_ stopping the containers
- sandbox net: set netns closed after actaully closing it
* Wed Feb 21 2018 Dan Walsh
- vendor: update c/image to handle text/plain from registries
* Fri Feb 16 2018 Dan Walsh
- image: Add lock around image cache access
* Thu Feb 15 2018 Dan Walsh
- imageService: cache information about images
- container_create: correctly set user
- system container: add /var/tmp as RW
* Sun Feb 11 2018 Dan Walsh
- Update containers/image and containers/storage
- Pick up lots of fixes in image and storage library
* Thu Feb 8 2018 Dan Walsh
- sandbox: fix sandbox logPath when crio restarts
- syscontainers, rhel: add ADDTL_MOUNTS
- Adapt to recent containers/image API updates
- container_create: only bind mount /etc/hosts if not provided by k8s
* Wed Feb 7 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 24 2018 Dan Walsh
- Final Release 1.9.1
* Mon Dec 18 2017 Lokesh Mandvekar
- need runc >= 2:1.0.0-15
* Fri Dec 15 2017 Dan Walsh
- Final Release 1.9.0
* Mon Dec 11 2017 Dan Walsh
- Update to kubernetes 1.9.0 beta 2 cri requirements
- container_exec: fix terminal true process json
- lib: sandbox: refactor to memory store
* Sun Dec 10 2017 Dan Walsh
- Update to kubernetes 1.9.0 beta 1 cri requirements
* Sun Dec 10 2017 Dan Walsh
- container_create: fix apparmor from container config
- container_create: correctly set image and kube envs
- oci: do not append conmon env to container process
- container_exec: use process file with runc exec
* Thu Nov 30 2017 Lokesh Mandvekar
- cri-o should require conmon and not the other way around
* Wed Nov 29 2017 Lokesh Mandvekar
- add additional deps
- From: Antonio Murdaca
* Wed Nov 29 2017 Lokesh Mandvekar
- bump to v1.8.2
* Tue Nov 28 2017 Lokesh Mandvekar
- separate conmon into a separate subpackage
* Wed Nov 22 2017 Dan Walsh
- Add /proc/scsi to masked paths
* Mon Nov 13 2017 Dan Walsh
- bump v1.8.0
- Add support for Kubernetes v1.8
- kpod support moved to the kpod package.
* Thu Nov 9 2017 Lokesh Mandvekar
- bump to v1.0.3
* Mon Oct 30 2017 Dan Walsh
- Lots of bug fixes
- Fixes to pass cri-tools tests
* Wed Oct 25 2017 Dan Walsh
- Lots of bug fixes
- Fixes to pass cri-tools tests
* Mon Oct 16 2017 Dan Walsh
- Add epoch to make sure that this installs
* Mon Oct 16 2017 Dan Walsh
- Get the correct checksum
* Fri Oct 13 2017 Dan Walsh
- Release v1.0.0
- Performance improvements
- Add secrets patch to default mount directories from the host into containers
- Add kpod login/logout
- Change debug flag to log-level, allows admin to specify the loggin level
- Bump to kube v1.7.8
- Build with go 1.8.4
* Tue Oct 3 2017 Lokesh Mandvekar
- build v1.0.0-rc3 tag
* Tue Oct 3 2017 Lokesh Mandvekar
- adjust runc dep for CentOS Virt SIG builds
* Tue Oct 3 2017 Lokesh Mandvekar
- bump to 1.0.0-rc3.dev
- built commit a8ea146
* Wed Sep 20 2017 Lokesh Mandvekar
- bump to v1.0.0-rc2
[ 1 ] Bug #1578110 - CVE-2018-1000400 cri-o: capabilities are not dropped when switching to a non-root user [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1578110
[ 2 ] Bug #1578135 - rpm dependencies: add and track Requires: cri-tools
https://bugzilla.redhat.com/show_bug.cgi?id=1578135
su -c 'dnf upgrade --advisory FEDORA-2018-320cb9d7fb' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYWKWCBMF2UGDAYQARLAQ3WGHNL4DCOI/
FEDORA-2018-320cb9d7fb 2018-06-26 16:06:37.183455 Product : Fedora 27 Version : 1.10.3 Release : 1.gite558bd5.fc27 URL : https://github.com/cri-o/cri-o Summary : Kubernetes Container Runtime Interface for OCI-based containers Description : Kubernetes Container Runtime Interface for OCI-based containers New version with a few bug fixes ---- Latest build with fixes. * Mon Jun 18 2018 Dan Walsh - 2:1.10.3-1.rhaos3.10.gite558bd - bump to v1.10.3 * Tue Jun 12 2018 Dan Walsh - 2:1.10.2-2.rhaos3.10.git1ffcbb - bump to v1.10.2 * Tue May 8 2018 Dan Walsh - 2:1.10.1-1.git728df92 - bump to v1.10.1 * Tue May 8 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-37.git52d0f53 - autobuilt 52d0f53 * Mon May 7 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-36.git5eb8c3b - autobuilt 5eb8c3b * Sun May 6 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-35.git4e54603 - autobuilt 4e54603 * Sat May 5 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-34.git0489381 - autobuilt 0489381 * Fri May 4 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-33.git6db7ef8 - autobuilt 6db7ef8 * Wed May 2 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-32.git4e6919c - autobuilt commit 4e6919c * Wed May 2 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-31.git4e4f1e2 - autobuilt commit 4e4f1e2 * Mon Apr 30 2018 Dan Walsh - 2:1.10.0-30.gita221a5d - Fix crio.conf to use correct path to conmon and systemd for cgroup management * Mon Apr 30 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-28.gita221a5d - autobuilt commit a221a5d * Fri Apr 27 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-27.gitc971f7b - autobuilt commit c971f7b * Thu Apr 26 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-26.git733d791 - autobuilt commit 733d791 * Tue Apr 24 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-25.git596d052 - autobuilt commit 596d052 * Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-24.gitc24e0d9 - autobuilt commit c24e0d9 * Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-23.gitc24e0d9 - autobuilt commit c24e0d9 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-22.gitc24e0d9 - autobuilt commit c24e0d9 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-21.gitc24e0d9 - autobuilt commit c24e0d9 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-20.gitc24e0d9 - autobuilt commit c24e0d9 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-19.gitc24e0d9 - autobuilt commit c24e0d9 * Sun Apr 15 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-18.gitc24e0d9 - autobuilt commit c24e0d9 * Sat Apr 14 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-17.gitc24e0d9 - autobuilt commit c24e0d9 * Fri Apr 13 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-16.gitc24e0d9 - autobuilt commit c24e0d9 * Thu Apr 12 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-15.gitc24e0d9 - autobuilt commit c24e0d9 * Wed Apr 11 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-14.gitc24e0d9 - autobuilt commit c24e0d9 * Tue Apr 10 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-13.gitc24e0d9 - autobuilt commit c24e0d9 * Tue Apr 10 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-12.gitc24e0d9 - autobuilt commit c24e0d9 * Tue Apr 10 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-11.git1eec122 - autobuilt commit 1eec122 * Mon Apr 9 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-10.git1eec122 - autobuilt commit 1eec122 * Mon Apr 9 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-9.git1eec122 - autobuilt commit 1eec122 * Sun Apr 8 2018 Lokesh Mandvekar (Bot) - 2:1.10.0-8.gitd0dbfe0 - autobuilt commit d0dbfe0 * Sun Apr 8 2018 Lokesh Mandvekar - 2:1.10.0-7.gitd0dbfe0 - autobuilt commit d0dbfe0 * Sun Apr 8 2018 Lokesh Mandvekar - 2:1.10.0-6.gitd0dbfe0 - autobuilt commit d0dbfe0 * Sun Apr 8 2018 Lokesh Mandvekar - 2:1.10.0-5.git86b61d4 - built commit 86b61d4 * Fri Mar 30 2018 Dan Walsh - 2:1.10.0-4 - Release of v1.10.0 * Mon Mar 26 2018 Lokesh Mandvekar - 2:1.10.0-3.gitb0f6d98 - built commit b0f6d98 * Fri Mar 16 2018 Dan Walsh - 2:1.10.0-beta.1 - bump to v1.10.0-beta.1 * Tue Mar 13 2018 Dan Walsh - 2:1.9.10-1.git8723732 - bump to v1.9.10 * Fri Mar 9 2018 Dan Walsh - 2:1.9.9-1.git4d7e7dc - bump to v1.9.9 * Thu Mar 1 2018 Lokesh Mandvekar - 2:1.9.8-1.git7d9d2aa - bump to v1.9.8 - enable integration tests for centos * Fri Feb 23 2018 Lokesh Mandvekar - 2:1.9.7-2.gita98f9c9 - make sure correct version in changelog * Fri Feb 23 2018 Dan Walsh - 2:1.9.7-1.gita98f9c9 - Merge pull request #1357 from runcom/netns-fixes - sandbox_stop: close/remove the netns _after_ stopping the containers - sandbox net: set netns closed after actaully closing it * Wed Feb 21 2018 Dan Walsh - 2:1.9.6-1.git5e48c92 - vendor: update c/image to handle text/plain from registries * Fri Feb 16 2018 Dan Walsh - 2:1.9.5-1.git125ec8a - image: Add lock around image cache access * Thu Feb 15 2018 Dan Walsh - 2:1.9.4-1.git28c7dee - imageService: cache information about images - container_create: correctly set user - system container: add /var/tmp as RW * Sun Feb 11 2018 Dan Walsh - 2:1.9.3-1.git63ea1dd - Update containers/image and containers/storage - Pick up lots of fixes in image and storage library * Thu Feb 8 2018 Dan Walsh - 2:1.9.2-1.gitb066a83 - sandbox: fix sandbox logPath when crio restarts - syscontainers, rhel: add ADDTL_MOUNTS - Adapt to recent containers/image API updates - container_create: only bind mount /etc/hosts if not provided by k8s * Wed Feb 7 2018 Fedora Release Engineering - 2:1.9.1-2.gitb066a83 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Jan 24 2018 Dan Walsh - 2:1.9.1-1.gitb066a8 - Final Release 1.9.1 * Mon Dec 18 2017 Lokesh Mandvekar - 2:1.9.0-4.gita85ea60 - need runc >= 2:1.0.0-15 * Fri Dec 15 2017 Dan Walsh - 2:1.9.0-3.gita85ea60 - Final Release 1.9.0 * Mon Dec 11 2017 Dan Walsh - 2:1.9.0-1.beta.1.gita85ea60 - Update to kubernetes 1.9.0 beta 2 cri requirements - container_exec: fix terminal true process json - lib: sandbox: refactor to memory store * Sun Dec 10 2017 Dan Walsh - 2:1.9.0-1.beta.1.git0ab5e80 - Update to kubernetes 1.9.0 beta 1 cri requirements * Sun Dec 10 2017 Dan Walsh - 2:1.8.3-1.gitd9922a9 - container_create: fix apparmor from container config - container_create: correctly set image and kube envs - oci: do not append conmon env to container process - container_exec: use process file with runc exec * Thu Nov 30 2017 Lokesh Mandvekar - 2:1.8.2-3.git3de7ab4c - cri-o should require conmon and not the other way around * Wed Nov 29 2017 Lokesh Mandvekar - 2:1.8.2-2.git3de7ab4c - add additional deps - From: Antonio Murdaca * Wed Nov 29 2017 Lokesh Mandvekar - 2:1.8.2-1.git3de7ab4c - bump to v1.8.2 * Tue Nov 28 2017 Lokesh Mandvekar - 2:1.8.1-2.git32d1708d - separate conmon into a separate subpackage * Wed Nov 22 2017 Dan Walsh - 1.8.1-1.git32d1708d - Add /proc/scsi to masked paths * Mon Nov 13 2017 Dan Walsh - 1.8.0-1.git80f54bc1 - bump v1.8.0 - Add support for Kubernetes v1.8 - kpod support moved to the kpod package. * Thu Nov 9 2017 Lokesh Mandvekar - 1.0.3-1.git17bcfb4 - bump to v1.0.3 * Mon Oct 30 2017 Dan Walsh - 1.0.2-1.git748bc46 - Lots of bug fixes - Fixes to pass cri-tools tests * Wed Oct 25 2017 Dan Walsh - 1.0.1-1.git64a30e1 - Lots of bug fixes - Fixes to pass cri-tools tests * Mon Oct 16 2017 Dan Walsh - 1.0.0-6.gita636972 - Add epoch to make sure that this installs * Mon Oct 16 2017 Dan Walsh - 1.0.0-5.gita636972 - Get the correct checksum * Fri Oct 13 2017 Dan Walsh - 1.0.0-4.gitcd1bac5 - Release v1.0.0 - Performance improvements - Add secrets patch to default mount directories from the host into containers - Add kpod login/logout - Change debug flag to log-level, allows admin to specify the loggin level - Bump to kube v1.7.8 - Build with go 1.8.4 * Tue Oct 3 2017 Lokesh Mandvekar - 1.0.0-3.rc3.gitd2c6f64 - build v1.0.0-rc3 tag * Tue Oct 3 2017 Lokesh Mandvekar - 1.0.0-2.rc3.dev.gita8ea146 - adjust runc dep for CentOS Virt SIG builds * Tue Oct 3 2017 Lokesh Mandvekar - 1.0.0-1.rc3.dev.gita8ea146 - bump to 1.0.0-rc3.dev - built commit a8ea146 * Wed Sep 20 2017 Lokesh Mandvekar - 1.0.0-1.rc2.git6784a66 - bump to v1.0.0-rc2 [ 1 ] Bug #1578110 - CVE-2018-1000400 cri-o: capabilities are not dropped when switching to a non-root user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1578110 [ 2 ] Bug #1578135 - rpm dependencies: add and track Requires: cri-tools https://bugzilla.redhat.com/show_bug.cgi?id=1578135 su -c 'dnf upgrade --advisory FEDORA-2018-320cb9d7fb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYWKWCBMF2UGDAYQARLAQ3WGHNL4DCOI/
Change Log
References